As the title says, I use the SQL to select But report the Error. The SQL in the Mapper below
<select id="selectBillDetailByBizIdAndClearType" resultMap="BaseResultMap">
select
<include refid="Base_Column_List" />
from dwd_clearing_bill_detail
where biz_detail_id in
<foreach collection="bizDetailIdList" item="item" index="index" open="(" separator="," close=")">
#{item}
</foreach>
and clear_type in
<foreach collection="clearTypeList" item="item" index="index" open="(" separator="," close=")">
#{item}
</foreach>
</select>
It's an exception indicating that building SQL statement this way is insecure. Someone can inject malicious SQL code, retrieving sensitive data or modify/remove your data. Please see https://cheatsheetseries.owasp.org/cheatsheets/SQL_Injection_Prevention_Cheat_Sheet.html